package com.shujia.day17;

import com.shujia.day17.entity.User;
import com.shujia.day17.utils.MySQLTool;

import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.FileReader;
import java.io.FileWriter;
import java.sql.*;
import java.util.*;

/*
    sql注入的问题
 */

public class IODemo2 {
    public static void init() {
        System.out.println("=============== 欢迎来到李刚博彩城！！ ================");
        System.out.println("-------------------");
        System.out.println("菜单：");
        System.out.println("1. 登录");
        System.out.println("2. 注册");
        System.out.println("3. 修改信息");
        System.out.println("-------------------");
        Scanner sc = new Scanner(System.in);
        System.out.print("您要做的操作选项：");
        int choice = sc.nextInt();
        switch (choice) {
            case 1:
                login();
                break;
            case 2:
                register();
                break;
            case 3:
                //TODO: 修改信息【只能修改密码，不能修改用户名】
                //update();
                break;
            default:
                System.out.println("没有该选项...欢迎下次使用！");
        }
    }

    public static void register() {
        System.out.println(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>注册操作进行中");
        Scanner sc = new Scanner(System.in);
        try {
            Thread.sleep(3000);
        } catch (InterruptedException e) {
            e.printStackTrace();
        }
        System.out.println("######## 欢迎注册李刚博彩城 ^_< ########");
        System.out.print("请设置新用户名: ");
        String name = sc.nextLine();
        //TODO: 这里需要读取配置文件获取用户和密码
        if (isUserExistWithName(name)) {
            System.out.println("该用户名已经存在！");
            return;
        }

        System.out.print("请设置新用户的密码: ");
        String password = sc.nextLine();

        saveUser(name, password);
    }

    public static void saveUser(String username, String password) {
        Connection conn = null;
        Statement statement = null;

        try {
            conn = MySQLTool.getConnection();
            statement = conn.createStatement();

            int id = 0;
            ResultSet resultSet = statement.executeQuery("select max(id) as maxId from sjusers");
            while (resultSet.next()) {
                id = Integer.parseInt(resultSet.getString(1)) + 1;
            }
            String sql = "insert into sjusers values(" + id + ",'" + username + "','" + password + "')";
            int i = statement.executeUpdate(sql);
            if (i == 1) {
                System.out.println("用户保存成功！！");
            } else {
                System.out.println("用户保存失败！！");
            }

        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            if (statement != null) {
                try {
                    statement.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }

            if (conn != null) {
                try {
                    conn.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
        }
    }

    public static void login() {
        System.out.println(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>登录操作进行中");
        Scanner sc = new Scanner(System.in);
        try {
            Thread.sleep(3000);
        } catch (InterruptedException e) {
            e.printStackTrace();
        }
        System.out.println("######## 欢迎登录李刚博彩城 ^_< ########");
        System.out.print("请输入您的用户名: ");
        String name = sc.nextLine();
        if (!isUserExistWithName(name)) {
            System.out.println("该用户不存在, 请先注册！");
            return;
        }

        System.out.print("请输入您的密码: ");
        String password = sc.nextLine();
        //TODO: 这里需要读取数据库表获取用户和密码
        User user = getUserWithNameAndPassword(name, password);

        if (user != null) {
            System.out.println("登录成功！美女荷官，在线发牌....");
        } else {
            System.out.println("您输入的密码错误！！！已退出...");
        }
    }

    public static boolean isUserExistWithName(String name) {
        Connection conn = null;
        Statement statement = null;
        boolean flag = false;
        try {
            conn = MySQLTool.getConnection();
            statement = conn.createStatement();

            ResultSet resultSet = statement.executeQuery("select name,password from sjusers where name='" + name + "'");
            if (resultSet.next()) {
                flag = true;
            }

        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            if (statement != null) {
                try {
                    statement.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }

            if (conn != null) {
                try {
                    conn.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
        }

        return flag;
    }


    public static User getUserWithNameAndPassword(String name, String pwd) {
        Connection conn = null;
//        Statement statement = null;
        PreparedStatement preparedStatement = null;
        User user = null;
        try {
            conn = MySQLTool.getConnection();
//            statement = conn.createStatement();


//            String sql = "select name,password from sjusers where name='" + name + "' and password='" + pwd + "'";
            //select name,password from sjusers where name='ligang' and password='dsa' or '1'='1'
            //"select name,password from sjusers where name=? and password=?";
            String sql = "select name,password from sjusers where name=? and password=?"; // ?相当于占位符
            preparedStatement = conn.prepareStatement(sql);
            preparedStatement.setString(1,name);
            preparedStatement.setString(2,pwd);

//            System.out.println(sql);
//            ResultSet resultSet = statement.executeQuery(sql);
            ResultSet resultSet = preparedStatement.executeQuery();

            if (resultSet.next()) {
                String username = resultSet.getString("name");
                String password = resultSet.getString("password");
                user = new User(username, password);
            }

        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            if (preparedStatement != null) {
                try {
                    preparedStatement.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }

            if (conn != null) {
                try {
                    conn.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
        }

        return user;

    }

//    public static Set<User> getAllUsers(){
//        HashSet<User> users = new HashSet<>();
//        try {
//            Connection conn = MySQLTool.getConnection();
//            //TODO:查询数据库获取所有的用户
//            Statement state = conn.createStatement();
//
//
//
//        }catch (Exception e){
//            e.printStackTrace();
//        }
//
//        return users;
//    }

    public static void main(String[] args) {
        init();
    }
}
